1. Field of the Invention
The present invention relates to broadcast services in a communication system. More particularly, the present invention relates to a method and apparatus for offering broadcast services using encryption keys in a communication system.
2. Description of the Related Art
Recently, communication systems have been developed to offer a variety of multimedia services to users. Accordingly, broadcast and multicast services may be used to provide diverse contents to users. The broadcast and multicast services will be referred to herein as “broadcast services.”
The term “broadcast service” refers to a point-to-multipoint service in which one source object transmits multimedia data, such as audio data, image data and/or video data, to a plurality of recipients within its service coverage based on a uni-directional bearer service. The broadcast service supports a broadcast mode and a multicast mode. In the broadcast mode, data is broadcast to all users in the service coverage. On the other hand, in the multicast mode, users have to subscribe to a particular service or service group provided by a Service Provider (SP) in order to enjoy multicast services.
In the multicast mode, broadcast service data is encrypted before transmission so that it may be delivered only to the users who have subscribed to the broadcast service. The transmitted encrypted data must be decrypted by the users prior to its use. Therefore, the encryption keys used by the service provider in encrypting broadcast data should be shared with the users. A description will now be made of encryption key management for broadcast service data between a service provider and users in a conventional communication system.
FIG. 1 illustrates an encryption key management in a conventional broadcast service system. The encryption key management method occurs between a network and a terminal in a broadcast service system based on Worldwide Inter-operability for Microwave Access (WiMax), i.e., Institute of Electrical and Electronics Engineers (IEEE) standard 802.16. For reference, the encryption key management described in connection with FIG. 1 can be similarly applied to a 3rd Generation Partnership Project (3GPP) broadcast system. Before a detailed description of the encryption key management is given, factors used for encryption key management will be described below.
A Traffic Encryption Key (TEK) is used to encrypt service content data. The TEK is periodically updated and transmitted to a terminal(s) having a Group Key (GK) defined below. The terminal receives the TEK and can decrypt data encrypted with a TEK using the received TEK.
The Group Key (GK) is a key shared among terminals that have subscribed to a broadcast service. The GK, commonly created in a network, can be periodically updated and transmitted to terminals that have subscribed to a particular service group.
A Security Key (SK) is mutually shared by a network and a terminal that has subscribed to a broadcast service, through a certain setting process. The SK is used by the network to encrypt and transmit a GK or the like.
A detailed description of FIG. 1 will now be made based on factors used for encryption key management.
Referring to FIG. 1, a network 120 encrypts a GK and transmits the GK to a terminal 110 in step 101. The GK is encrypted with an SK and transmitted to each terminal 110 on a point-to-point basis. The resulting key is indicated by ESK(GKy), where a subscript “y” indicates an order in which the GK is updated when a broadcast service call is connected. That is, the resulting key is the y-th updated key in an arbitrary call.
In step 103, the network 120 updates a TEK with the GKy and transmits the resulting key TEKx+1 to the terminal 110 on a point-to-multipoint basis. The network 120 encrypts actual content data using the TEKx+1, and the terminal 110 decrypts the encrypted data using the TEKx+1. Since the lifetime of the TEK is set shorter than that of the GK, the TEK is updated more frequently than the GK. In step 105, the TEK is encrypted and updated by a GKy and the resulting key TEKx+n is transmitted to the terminal 110. That is, the TEK undergoes n update processes from the process for the TEKx+1 of step 103 through the process for the TEKx+n of step 105. Here, the same GKy is used in steps 103 and 105. In step 107, as the lifetime of the GK 109 expires, a new GK is updated and transmitted to the terminal 110 on a point-to-point basis. As a result, the TEK is encrypted and updated with a newly updated GKy+1.
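The SK, GK and TEK hierarchy of FIG. 1 can be exercised in a short Python sketch. This is an added example, not code from the original document. It assumes 32-byte random keys, a toy HMAC-SHA256 key wrap standing in for whatever cipher a real system uses, hypothetical terminals "A" and "B", three TEK updates per GK lifetime, and that terminal B's subscription ends before the second GK update.

```python
import hashlib, hmac, os

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # Toy keystream (HMAC-SHA256 in counter mode); stand-in for a real cipher
    return b"".join(_mac(key, nonce + bytes([i])) for i in range((n + 31) // 32))[:n]

def wrap(kek, key):
    # E_kek(key) = nonce || ciphertext || tag (encrypt-then-MAC)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(key, _stream(kek, nonce, len(key))))
    return nonce + ct + _mac(kek, b"tag" + nonce + ct)

def unwrap(kek, blob):
    # Returns the wrapped key, or None if blob was not produced under kek
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(kek, b"tag" + nonce + ct)):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(kek, nonce, len(ct))))

class Terminal:
    def __init__(self, sk):
        self.sk, self.gk, self.tek = sk, None, None
    def on_gk(self, blob):
        self.gk = unwrap(self.sk, blob) or self.gk
    def on_tek(self, blob):
        self.tek = unwrap(self.gk, blob) if self.gk else None
        return self.tek is not None

def rekey_round(sk, terms, n_tek):
    gk = os.urandom(32)
    # Steps 101/107: E_SK(GK), point-to-point, one message per subscriber
    unicast = {t: wrap(k, gk) for t, k in sk.items()}
    for t, blob in unicast.items():
        terms[t].on_gk(blob)
    # Steps 103-105: E_GK(TEK), point-to-multipoint, one message per update
    for _ in range(n_tek):
        multicast = wrap(gk, os.urandom(32))
        ok = {t: term.on_tek(multicast) for t, term in terms.items()}
    return len(unicast), n_tek, ok

def demo():
    sk = {"A": os.urandom(32), "B": os.urandom(32)}   # constructed SKs
    terms = {t: Terminal(k) for t, k in sk.items()}
    first = rekey_round(sk, terms, n_tek=3)
    del sk["B"]                      # assumption: B's subscription ends
    return first, rekey_round(sk, terms, n_tek=3)
```

`demo()` returns, for each GK lifetime, the number of point-to-point GK messages, the number of point-to-multipoint TEK messages, and which terminals could recover the last TEK; B still receives the multicast TEK message in the second round but can no longer unwrap it.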
With reference to FIGS. 2 and 3, a description will now be made of conventional encryption key management in an Open Mobile Alliance BroadCAST (OMA BCAST) system. FIG. 2 illustrates encryption key management for a registered terminal, and FIG. 3 illustrates encryption key management for a Pay-Per-View (PPV) terminal. The “registered terminal” refers to a terminal that subscribes to a particular broadcast service for a relatively long time, while the “PPV terminal” refers to a terminal that subscribes to a service in units of a short time, e.g. in units of specific programs. For example, a terminal, which has purchased a one-month coupon for an arbitrary broadcast service, may correspond to the registered terminal. A terminal, which has purchased a coupon for a single drama at a particular date, corresponds to the PPV terminal. The length of the subscription period is variable.
In the OMA BCAST, a Service Encryption Key (SEK) and a Program Encryption Key (PEK) are further used in addition to the keys used in the WiMax of FIG. 1. The SEK is used to encrypt a particular broadcast service, and the PEK is used to encrypt a particular program. For example, the broadcast service can be provided by a service provider, and the program can be a particular program provided by the service provider.
Encryption key management in a registered terminal will first be described with reference to FIG. 2.
FIG. 2 illustrates an encryption key management in a registered terminal in a conventional OMA BCAST.
Referring to FIG. 2, a network 120 updates an SEK with an SK and transmits a resulting key SEKy to a registered terminal 210 in step 201. In step 203, the network 120 encrypts a PEKz with the updated SEKy, updates a TEK with the encrypted PEKz, and transmits the resulting key TEKx+1 to the registered terminal 210. The network 120 encrypts content data with the updated TEKx+1 and transmits the encrypted data. The registered terminal 210 decrypts the transmitted encrypted data using the transmitted updated TEKx+1. When a lifetime of the TEKx+1 expires, the network 120 updates the TEK again in step 205. Also, when a lifetime of the SEKy 209 expires, the network 120 updates a SEK with an SK and transmits the resulting key SEKy+1 to the registered terminal 210 in step 207. The SEKy+1 is then used for encryption of the PEK.
With reference to FIG. 3, a description will now be made of an encryption key management in a PPV terminal. FIG. 3 illustrates an encryption key management in a PPV terminal in a conventional OMA BCAST.
Referring to FIG. 3, a network 120 encrypts a PEKz with an SK at an arbitrary time and transmits the encrypted PEKz to a PPV terminal 310 in step 301, thereby updating the PEK. In step 303, the network 120 updates the TEK. That is, the network 120 encrypts the PEKz with an SEKy, encrypts a TEKx+1 with the PEKz, and transmits the encrypted keys to the PPV terminal 310. Thereafter, during a lifetime of the PEKz, the network 120 encrypts a TEK with the PEKz to update the TEK in sequence. After a lifetime of the PEKz expires, the network 120 updates the next PEK (PEKz+1) in step 305. That is, the network 120 encrypts the PEKz+1 with an SK and transmits the encrypted PEKz+1 to the PPV terminal 310. Accordingly, a TEK is encrypted with the PEKz+1 to update the TEK until a lifetime of the PEKz+1 309 expires. In step 307, an nth TEK (TEKx+n) is updated with a PEKz+m.
As described with reference to FIGS. 1 to 3, since the network encrypts content data with a TEK and the terminal decrypts the encrypted data with the TEK, the network should update a variety of encryption keys several times, and transmit the updated TEKs to the terminal. In this case, resources consumed between the network and the terminal to update the encryption keys may increase.
Therefore, a need exists for a method and apparatus for reducing resources in a network when encryption keys are updated.